Osterman Research
https://ostermanresearch.com
Insightful research that impacts organizations
Fri, 05 Dec 2025 04:41:11 +0000

News – December 5, 2025 https://ostermanresearch.com/2025/12/05/news20251205/ Fri, 05 Dec 2025 04:00:00 +0000 https://ostermanresearch.com/?p=6271

News for today:

  • CloudEagle.ai integration with Netskope. CloudEagle.ai announced an integration with Netskope, for unifying SaaS governance with both comprehensive usage intelligence (h/t CloudEagle) and real-time security assessments (the Netskope value add). Organizations can confidently optimize high-cost, low-risk applications while immediately flagging high-risk applications regardless of usage levels, resulting in measurable cost reduction without compromising security. CloudEagle.ai
  • Darktrace / EMAIL updates. Darktrace updated its /EMAIL offering, to protect against multi-channel attacks and verify brand usage. For the first: Darktrace today introduced a new integration between Darktrace / EMAIL and Darktrace / IDENTITY for stronger multi-domain detection and response. When Darktrace / EMAIL detects suspicious patterns like an email bombing campaign, it can now share that signal with Darktrace / IDENTITY to increase sensitivity around the targeted user and more quickly spot attempted account takeovers or impersonation to stop attacks from progressing. For the second, it’s all about BIMI: By pairing BIMI enforcement with Darktrace’s behavioral detection capabilities, organizations can authenticate outbound messages while identifying inbound emails that attempt impersonation, helping to protect both their brand and their users. Darktrace
  • DigiCert’s security predictions for 2026. DigiCert announced its security predictions for 2026. Overall, the predictions highlight a pivotal shift toward AI integrity, resilience, and quantum readiness as core tenets of intelligent trust. In first place: AI authenticity will overtake data confidentiality as the top enterprise trust concern. Organizations will require verifiable identity, provenance, and tracking for every model, dataset, and autonomous agent. DigiCert
  • Immersive One: Programs launches. Immersive launched Programs, an extension to its Immersive One platform for providing automated, evidence-based learning journeys that map to critical business outcomes. The Programs capability addresses the limitations of traditional training models by providing a dynamic, responsive engine that personalizes learning at scale. Instead of a one-size-fits-all approach, the platform uses data to tailor learning journeys to each user’s skill level, ensuring efficient upskilling while providing management with high-level visibility into organizational risk. Available immediately. Immersive
  • AegisAI on what makes a good AI agent for email security. AegisAI talks through its Detect -> Explain -> Act model for a good AI agent for email security. Among the details is this principle: The pattern we see succeed is consistent: start with AI as a very smart recommender, then gradually grant it the right to act on specific classes of threats, always with clear rollback and reporting. That’s how you keep automation turned on in production instead of quietly dialing it back after the first noisy week. AegisAI
News – December 4, 2025 https://ostermanresearch.com/2025/12/04/news20251204/ Thu, 04 Dec 2025 04:00:00 +0000 https://ostermanresearch.com/?p=6256

News for today:

  • More data theft and extortion in manufacturing. A new study by Sophos found that manufacturers are doing better at stopping ransomware attacks before data is encrypted, but in response adversaries are shifting to data theft and extortion-only tactics. 40% of attacks on manufacturers resulted in data encryption, the lowest level in five years and down from 74% last year. However, extortion-only attacks surged to 10% from just 3% in 2024 as attackers increase reliance on data theft for leverage. Sophos
  • BeyondTrust and Ping Identity. BeyondTrust and Ping Identity introduced a combined offering in the AWS Marketplace, to help large organizations unify identity security. The combined offering is supposed to reduce procurement hassles. Customers can now use this unified solution to automate identity decisions across human and non-human identities, enforce just-in-time least privilege, and modernize Zero Trust initiatives with dramatically reduced deployment complexity. BeyondTrust
  • More MCP security protections from Salt. Salt Security increased the protections available in its MCP Finder offering for MCP servers deployed in the AWS ecosystem. With this new capability, Salt enables customers to use their existing AWS WAF deployments to block attacks on MCP infrastructure. The protections are informed by real-time behavioral threat data from Salt’s platform. Salt Security
  • On lagging AI security preparedness. A new research report from Cato Networks confirms that security preparedness for AI deployments is lagging at most organizations. 69 percent of respondents report that they lack a monitoring system for AI adoption. Most enterprises remain oblivious to the AI tools that employees are using, what data they are sharing, and what compliance risks may be emerging. This governance gap extends beyond oversight and monitoring. Only 13 percent of respondents consider their organization’s management of shadow AI risks as “highly effective.” Less than one in ten respondents (9 percent) think the organization has a “highly effective” defense against AI-generated cyber threats such as deepfakes, hallucinations, and prompt injection attacks. Cato Networks
News – December 3, 2025 https://ostermanresearch.com/2025/12/03/news20251203/ Wed, 03 Dec 2025 04:00:00 +0000 https://ostermanresearch.com/?p=6239

News for today:

  • Netskope protections for MCP in Netskope One. Netskope added MCP security capabilities to its Netskope One platform. With the new platform capabilities, Netskope One can protect MCP-enabled AI interactions by providing full visibility into MCP tool use, enforcing least-privilege access, securing sensitive data, and ensuring compliance. Available immediately in preview for current customers; general availability in 1H26. Netskope
  • Seclore’s Data Security Intelligence Framework. Seclore launched a data pipeline that shows what’s happening with files that Seclore is protecting / tracking. The Data Security Intelligence Framework automates the flow of Seclore classification and protected file activity logs enabling customers to visualize and interpret their data security, compliance, and business posture through tools like Power BI. Designed for extensibility, this framework provides a scalable, flexible data lake that transforms raw telemetry data into structured, easily queryable formats. It includes pre-built dashboards for the top three use cases: enterprise risk insights, operational usage and utilization, and third-party/supply-chain risk, along with time-series analysis for long-term trend visibility. Seclore
  • Salt’s new Ask Pepper AI. Salt Security launched a chat-based UI to its API Protection Platform, based on Amazon Bedrock. Ask Pepper AI provides precise answers about an organization’s unique API environment, accelerating incident response and risk prioritization. The new capability seamlessly integrates with Salt’s three core use cases, API Discovery, Posture Governance, and Threat Protection, making it easier than ever to manage the full lifecycle of APIs. Salt Security
  • KnowBe4’s security predictions for 2026. KnowBe4 released four security predictions for 2026: AI agents will reduce MTTR by at least 30%, AI agents will become core operational team members, quantum computers will likely become sufficiently capable of cracking today’s encryption, and organized crime and cybercrime will combine forces. KnowBe4
  • Varonis integration with AWS Security Hub. Varonis announced a new integration for ingesting prioritized findings from AWS Security Hub. It then adds context on data sensitivity, identity, and user behavior, and delivers a single view of risk. Varonis helps stop breaches and protect sensitive data with automated remediation and data-centric threat detection. Varonis
News – December 2, 2025 https://ostermanresearch.com/2025/12/02/news20251202/ Tue, 02 Dec 2025 04:00:00 +0000 https://ostermanresearch.com/?p=6221

News for today:

  • Verified brand identities in email. New research from DigiCert finds that consumers appreciate the presence of verified brand identities in email, and are more likely to engage in pre-transaction behaviors as a consequence. With 86% of consumers saying they feel safer when verified logos appear in their inbox, the findings underscore a growing need for organizations to strengthen their email authentication practices. Doing so not only helps protect shoppers from phishing during the busiest online shopping week of the year, but also preserve brand integrity as AI rapidly increases the volume, frequency, and sophistication of phishing emails. DigiCert
  • CrowdStrike and AWS on SIEM and cloud security. CrowdStrike introduced a streamlined deployment model for both Falcon Next-Gen SIEM and Falcon Cloud Security via the AWS Marketplace. The enhanced onboarding experience for Falcon Next-Gen SIEM in AWS Marketplace delivers a single location, guided setup that connects directly to core AWS security services – including AWS CloudTrail, AWS Security Hub, and Amazon GuardDuty. This simplified workflow automatically discovers active data sources and begins ingesting telemetry within minutes, eliminating manual configuration and accelerating time-to-value. By streamlining how customers connect their AWS environments to CrowdStrike, organizations can unify data from endpoints, cloud workloads, and identities with AWS telemetry to deliver comprehensive, cross-domain threat detection and response. CrowdStrike
  • IT governance predictions for 2026. Omada Identity says identity is a key concern for 2026, with four related predictions: pay better attention to non-human identities, machine identities lack the natural rightsizing opportunities of human identities, getting non-human identities wrong is very costly, and beware black-box autonomous AI agents. On the second: SaaS scale is what makes this extremely challenging: NHIs are managed ad hoc by different teams like DevOps, IT, and data science without clear security accountability. Nobody owns these identities. The developer who created it left two years ago. The project moved teams three times. When you try to right-size permissions, nobody can tell you what it actually needs versus what it has. A primary obstacle in managing non-human identities is the difficulty in identifying their status accurately due to ambiguous ownership. Digital Journal
  • Security landscape predictions for 2026. CyXcel forecasts two major changes in the security landscape in 2026: cyber warfare (via the further weaponization of cyberspace in state conflicts) and greater accessibility of AI-generated malware. On the latter, the prospect of malicious insider activity is of high concern. Insiders, such as employees, contractors or partners who already have legitimate access to systems, become a far greater concern. They may not need specialised knowledge or external support to cause serious damage. A disgruntled employee, someone under financial pressure or even an insider manipulated through social engineering could leverage AI-generated malware to sabotage operations, steal data or cripple critical infrastructure from within. SecurityBrief
  • Use AI = learn less. New research suggests that relying on AI summaries results in shallower learning compared to using Google Search, the latter of which requires the individual to correlate and synthesize the information they find. ChatGPT users reported less deep knowledge and a lower sense of personal ownership over the knowledge they gained from their search. Additionally, they thought their search yielded less comprehensive information about the topic. Researchers say learning through web search requires engaging in trial-and-error navigation among result links, as well as interpreting and synthesizing the different pieces of information. This may result in better learning outcomes because encountering friction in learning leads to devoting more cognitive resources to overcoming it. Cybernews
News – November 28, 2025 https://ostermanresearch.com/2025/11/28/news20251128/ Fri, 28 Nov 2025 04:00:00 +0000 https://ostermanresearch.com/?p=6209

News for today:

  • WormGPT is back. Research from Unit 42 suggests that WormGPT is back for use in malicious phishing, code dev, and ransomware attack campaigns. WormGPT 4’s language capabilities are not just about producing convincing text. By eliminating the tell-tale grammatical errors and awkward phrasing that often flag traditional phishing attempts, WormGPT 4 can generate a message that persuasively mimics a CEO or trusted vendor. This capability allows low-skilled attackers to launch sophisticated campaigns that are far more likely to bypass both automated email filters and human scrutiny. Unit 42
  • Entrust on identity fraud in 2025. Entrust’s recent 2026 Identity Fraud Report highlights the growing threat of deepfakes, social engineering, and injection attacks. New data reveals deepfakes account for one in five biometric fraud attempts, and instances of deepfaked selfies increased by 58% in 2025. Other fraud tactics across biometric systems include photo of a screen, photo of a printout, 2D and 3D masks, video of a video on screen, and video of photo on screen. This rise in deepfakes is part of a broader trend of increasingly sophisticated attacks driven by injection attacks, which surged 40% year-over-year. Injection attacks enable fraudsters to bypass live capture processes by feeding manipulated images or videos directly into verification systems. When combined with deepfakes, these sophisticated techniques can convincingly mimic users and live capture experiences, making detection difficult without robust, multi-layered fraud prevention. Entrust
  • Acronis in Australia with OpSys. Acronis announced a partnership with OpSys in Adelaide to provide Acronis’s MDR services to MSPs and clients in Australia. OpSys is the first MSSP for Acronis in Australia. Acronis partnered with OpSys due to its strong market presence in Australia and its proven ability to deliver cybersecurity services to private, public, and government organisations. Built on defence-grade expertise and operating a world-class security operations centre (SOC) capable of dealing with the complex security incidents and sophisticated cyber threats, OpSys will enable MSPs to deliver enterprise-grade MDR services to clients with thousands of seats. With 100% of data processed and stored within Australian borders, OpSys meets the growing demand for true data sovereignty. Acronis
  • Rencore Series A funding extended to $15 million. Rencore announced an extension to its Series A funding round, with the total raised now USD $15 million. Intent is to use the additional funds to fast track its expansion in Europe and North America. Building on its established success in Microsoft 365 governance, Rencore has extended its platform to include advanced AI and Agent Governance capabilities. This enables enterprises to control how AI systems interact with business data, ensure responsible AI use, and align with new standards for trust, risk, and security. With the growing adoption of AI in large organizations, these capabilities are becoming essential for CIOs and IT leaders managing Copilot deployments and other AI integrations at scale. Rencore
News – November 26, 2025 https://ostermanresearch.com/2025/11/26/news20251126/ Wed, 26 Nov 2025 04:00:00 +0000 https://ostermanresearch.com/?p=6194

News for today:

  • Salt MCP Finder. Salt released a new capability in its Salt Illuminate platform for finding / discovering MCP servers. MCP Finder provides organizations with a complete, authoritative view of their MCP footprint at a moment when MCP servers are being deployed rapidly, often without IT or security awareness. Available immediately. Salt Security
  • StackHawk partners with Cycode. StackHawk announced an integration between its application security testing capabilities and Cycode’s application security posture management platform. Cycode’s ASPM platform automatically ingests StackHawk findings and correlates them with SDLC metadata—repositories, commits, branches, and code owners. It enriches findings with context, orchestrates remediation workflows through Jira, GitHub, or GitLab, and tracks fixes through validation using Cycode’s Risk Intelligence Graph. This partnership connects code-to-runtime insights, eliminating the hand-offs and blind spots that slow down modern AppSec programs. StackHawk
  • Trend Micro’s new report on cybercrime in 2026. Essentially, you haven’t seen anything yet. The report highlights how generative AI and agentic systems are transforming the economics of cybercrime. Autonomous intrusion campaigns that adapt in real time, polymorphic malware that constantly rewrites its own code, and deepfake-driven social engineering will be standard tools for attackers. The same automation also threatens to flood businesses with synthetic code, poisoned AI models, and flawed modules hidden inside legitimate workflows, blurring the line between innovation and exploitation. Trend Micro
  • Cybereason acquisition is completed. Less than six weeks after announcing it, LevelBlue has completed the acquisition of Cybereason. The completed acquisition bolsters LevelBlue’s global leadership in managed detection and response (MDR), incident response, and cybersecurity consulting, creating one of the industry’s most comprehensive and integrated security platforms. Together, the companies combine AI-powered threat detection, elite human expertise, and world-class response capabilities to help clients reduce risk and build long-term cyber resilience. LevelBlue
  • Black Friday phishing attempts up 620%. Darktrace analyzed its phishing detections for November, noting a 620% increase in phishing attempts leading up to Black Friday shopping – and it’s not over yet. With attacks already surging, Darktrace warns the threat has not yet peaked, with phishing volumes forecast to climb a further 20–30% during Black Friday week (22–29 November). Darktrace
News – November 25, 2025 https://ostermanresearch.com/2025/11/25/news20251125/ Tue, 25 Nov 2025 04:00:00 +0000 https://ostermanresearch.com/?p=6177

News for today:

  • Arctic Wolf integrates with Abnormal AI. Arctic Wolf announced that its Aurora Platform now integrates with Abnormal AI, bringing email threat detections from Abnormal AI into the Arctic Wolf MDR solution. Customers will benefit from active response and guided remediation from Arctic Wolf’s AI-powered SOC, while gaining unified insight into email-borne threats and the ability to take coordinated response actions such as quarantining malicious messages to reduce dwell time and help stop attacks before they impact the business. Arctic Wolf
  • Proofpoint released the Satori Emerging Threats Intelligence Agent. Proofpoint released a new security agent for Microsoft Security Copilot, which brings Proofpoint’s threat intelligence into the defender’s workflow with a chat interface for assessing vulnerabilities. Proofpoint Satori Emerging Threats Intelligence Agent for Microsoft Security Copilot helps defenders accurately identify actively exploited vulnerabilities to effectively prioritize remediation. The agent delivers real-world vulnerability exploitation data drawing from Proofpoint’s globally distributed sensor network and trusted third-party sources. Proofpoint
  • NinjaOne conference for MSPs in October 2026. NinjaOne announced its first ever conference for MSPs – scheduled for late October 2026 in Austin, TX. At MSP NXT, attendees can expect keynotes from industry experts, interactive breakout sessions, and hands-on training that deliver practical insights and action plans to improve profitability and enhance customer outcomes. Participants will also have opportunities to network with peers and industry leaders, fostering relationships that will support their future success. NinjaOne
  • Semperis study finds ransomware attacks are timed and targeted. A new study on ransomware from Semperis found that the majority of ransomware attacks are timed (for holidays and weekends) and targeted (higher intensity during key corporate events). The report, titled 2025 Ransomware Holiday Risk Report, found that 52% of surveyed organizations in the U.S., UK, France, Germany, Italy, Spain, Singapore, Canada, Australia and New Zealand were targeted on holidays or weekends. Alarmingly, 78% of companies cut security operation center (SOC) staffing by 50% or more, during holidays and weekends, while 6% cut their SOC staffing entirely during these same times. 60% of attacks occurred following an IPO, merger or acquisition, or round of layoffs. Semperis
News – November 24, 2025 https://ostermanresearch.com/2025/11/24/news20251124/ Mon, 24 Nov 2025 04:00:00 +0000 https://ostermanresearch.com/?p=6155

News for today:

  • Identity issues for customers equals issues for the business. New research from Descope confirms that subpar authentication methods and legacy systems for customer identity translate to negative business impacts. … 82% of survey respondents citing at least some negative business impact. Around 52% faced high costs related to auth support tickets, 37% delayed product launches due to identity-related development tasks, and 30% suffered user dropoffs due to complex onboarding. Descope
  • Identity security controls central to cyber insurance coverage. Almost all cyber insurers have gone all-in on the importance of identity security controls when assessing insurance eligibility and pricing, per a new report from Delinea. Among the identity controls that matter most, respondents cited Privileged Access Management (PAM) as the top differentiator (41%) in how underwriters viewed their insurability, followed by Identity Governance and Administration (IGA) (38%), and third-party and vendor access controls (32%). Delinea
  • … and AI adoption is pretty important, too. From the same report by Delinea, the use of AI in security controls is factoring heavily in insurance decisions. A significant 86% of respondents said their insurers offered premium reductions or credits for their use of AI in security controls. Among those whose overall cyber insurance costs decreased in the past year, 64% credited AI adoption as a key factor. The most cited premium influencer was AI-powered threat detection and monitoring (63%), followed closely by behavioral analytics and auditing (59%). Delinea
  • CYE’s new AI capabilities. CYE introduced new AI capabilities for managing cyber exposures, with the intent of shrinking time-to-mitigate. CYE added at least five new capabilities, including AI security posture management: Combining tech and services by CYE’s nation-state–grade team, this program manages enterprises’ AI security posture across organizational AI risk, enterprises’ use of AI across the SDLC, as well as assessing the security posture of internally developed LLMs. CYE
  • AegisAI on AI-powered spearphishing. AegisAI released a new report on how AI is impacting spearphishing, including significant growth in annual phishing volumes, use of compromised infrastructure, and more. AI-generated attacks eliminate every one of these red flags… They are contextually relevant, capable of referencing a recent company project, a colleague’s name, or a target’s recent post on LinkedIn. As AI-generated fakes become indistinguishable from legitimate communication, the effectiveness of user training will drop rapidly. We can no longer ask employees to be the shield when the arrows have become invisible. AegisAI
  • Netskope and Microsoft. Netskope released new integrations between its security products and various Microsoft products, e.g., Netskope One and Microsoft Purview (for DLP) and Netskope CASB and Microsoft 365 Copilot. … administrators can connect their managed Microsoft 365 Copilot instance to Netskope’s CASB API to gain greater visibility and apply data-at-rest policies, helping businesses foster responsible AI adoption and ensure that sensitive information is not inadvertently shared, misused, or exposed through AI interactions. Netskope enables enterprises to enforce security via DLP and threat protection policies, receive near-real-time alerts, and monitor user activity— helping ensure safe and seamless Microsoft 365 Copilot rollout and adoption. Netskope
News – November 21, 2025 https://ostermanresearch.com/2025/11/21/news20251121/ Fri, 21 Nov 2025 04:00:00 +0000 https://ostermanresearch.com/?p=6141

News for today:

  • Strata AI Identity Gateway and Validation Sandbox. Strata Identity released the AI Identity Gateway, which authenticates, authorizes, and observes every action taken by AI agents across connected services. The AI Identity Gateway enforces least-privilege access via OPA/Rego policy-based authorization at multiple layers, including both initial access and delegated token exchange for short-lived credentials. By validating proof of possession and maintaining comprehensive audit logs of all agent requests, responses, and token exchanges, it prevents over-privileged security threats while ensuring full operational visibility. It also released a sandbox for testing / experimenting with agent identity controls. Strata Identity
  • StackHawk and Endor Labs collaboration. StackHawk and Endor Labs announced a collaboration that combines Endor’s SAST (static app security testing) with StackHawk’s DAST (dynamic app security testing) so appsec teams and developers have the full picture on vulnerabilities in code. Endor Labs’ AI-Native SAST identifies code-level flaws, traces how untrusted input flows through the application, determines exploitability, and provides actionable remediation guidance to developers. StackHawk validates whether those vulnerabilities are discoverable and exploitable at runtime. Together, they solve the essential developer question: “What should I actually fix?” StackHawk Endor Labs
  • Social media and online marketplaces are scam hotbeds. Malwarebytes shared new research on scammer activity on social media sites and online marketplaces. Scammers take advantage of everyday shopping habits and seasonal stress by imitating trusted brands, sellers or creators in ways that feel entirely authentic. Fifty-one percent of people encounter scams on social media weekly while 27% encounter scams daily. For marketplace shoppers, 36% are hit with a scam weekly and 15% experience one daily. See the full report. Malwarebytes
    • See Bitdefender for the same warning.
    • See KnowBe4 for a complementary warning for retailers.
  • OPSWAT’s manufacturing facility in Florida. OPSWAT opened its new production facility in Florida for critical infrastructure cybersecurity solutions. Manufacturing the hardware in-house provides OPSWAT with greater control and quality assurance throughout every stage of production. Dedicated Quality Assurance and Product Management teams oversee rigorous testing and compliance processes to ensure the highest standards are consistently met. The move also enables OPSWAT to accelerate product development and respond swiftly to emerging cybersecurity challenges and customer needs. OPSWAT
Cyber Workforce Benchmark report 2025 – Immersive’s new report https://ostermanresearch.com/2025/11/21/cyber-workforce-benchmark-report-immersives/ Fri, 21 Nov 2025 00:00:00 +0000 https://ostermanresearch.com/?p=6136

Immersive has just published its latest report – 2025 Cyber Workforce Benchmark Report. Using data from four complementary sources, the report reveals a troubling disconnect between asserted cyber readiness and actual cyber readiness. There are data and recommendations in this report that would benefit your organization.

Osterman Research surveyed 500 cybersecurity leaders and practitioners in the United States and the United Kingdom for this report, with a focus on how organizations perceive and measure readiness. The survey data we collected and analyzed for Immersive was combined with proprietary performance and benchmarking data from Immersive’s platform and a crisis simulation they ran.

Key findings:

  • The cybersecurity industry has become expert at measuring readiness by activity not by outcome.
  • Nearly every organization believes it is prepared for the next major incident – but underlying performance data doesn’t support such a conclusion.
  • Leaders are relying on false metrics – ones that prove nothing about performance under pressure.
  • There are four missteps holding readiness back, including practicing the past, fixating on fundamentals, and excluding the business.
  • Organizations are failing for a lack of practiced coordination – not a lack of knowledge.

If cyber readiness and resilience in the face of growing cyber attacks is important to your organization, please get a copy from the Immersive web site, grab a cup of coffee or tea, and read to learn / adjust / improve.

Next action: get your copy of the report – 2025 Cyber Workforce Benchmark Report.
